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DETAILED ACTION 

1 . This action is responsive to communications: application, filed 7/3/2003; 
amendment filed 12/4/2006. 

2. Claims 1-36 are pending in the case. 

Response to Arguments 

3. Applicant's arguments have been fully considered. 

3. 1 . Applicant argues, " As noted all of the independent claims are defining that the 
kernel modules must be verified before loading. Consequently, the teachings of 
Rowland do not apply, as Rowland's system allows loading of kernel modules, and it is 
not until a later point that they are detected, as noted in Paragraph 149." It is noted that 
Applicant interprets the claim limitations to require verification before loading the kernel 
modules. However, claim limitations require verification while the kernel modules are 
being loaded, and not necessarily before they are loaded. It is also noted that Applicant 
interprets Rowland's teachings of detecting Loadable Kernel Modules (LKM) to be 
limited to already loaded kernels, and not applicable to kernels being loaded or not 
loaded. In other words, per Applicant's view, Rowland does not teach detecting LKMs 
before they are loaded or while they are loaded being loaded in real-time. However, 
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Rowland incorporates teachings of U.S. Patent Application number 09/268084, to 
Rowland (see parag. 136), which is now U.S. Patent No. 6,405,318, titled Intrusion 
Detection System. In said patent, Rowland clearly recognized the benefits and teaches 
an intrusion detection system that works in real-time to detect malicious activity before 
they reach the system (see for example col. 2 line 1 to col. 3 line 5). Therefore, Rowland 
suggests performing the verification of LKMs before or during loading to the system. 

Based on the above discussion, applicant's argument that limitations of claims are not 
disclosed or obvious over Rowland is not persuasive. 

3.2. Applicant's argument relative to some elements of dependent claims missing 
from Rowland is found persuasive. The mentioned dependent claims are incorporated 
into the independent claims as a result of applicant's amendments. See the new 
grounds of rejection in the following sections. 

Information Disclosure Statement 

4. Information Disclosure Statement submitted by applicant on 12/4/2006 has been 
considered. See attached form PTO-1449. 



Claim Rejections - 35 USC § 103 
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5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1, 3-13, 15-25, 27-32, 34 and 35 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Rowland (US Patent Application Publication No. 2002/0129264 
A1, filed January 10,2002). 

6.1 . As per claim 1 , Rowland is directed to a computer system comprising: a 
processor; a memory storage unit; an operating system comprising a kernel, said kernel 
comprising a plurality of kernel modules, said kernel modules comprising signature 
information; and a kernel module signature verification system for verifying said kernel 
module signature information of each of said plurality of kernel modules as said plurality 
of kernel modules are loaded into said kernel (paragraph 149 describes a Loadable 
Kernel Module Agent 1306, which is an agent looking for loadable kernels and verifies 
their validity. As shown in Fig. 1 3, item 1 306 is one of the agents in the group of Mobile 
Autonomous Code (MAC) Security Agents. Another one of the MAC agents is Known 
Intrusion Agent 1305 (paragraph 148), which uses signatures to identify intrusions such 
as suspect loadable kernel modules), wherein said kernel module signature information 
is generated via a public key and a private key compilation in said kernel module (use of 
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public and private keys to create a signature verification protocol is well-known in the 
art). 

6.2. Claim 2 has been cancelled by the applicant. 

6.3. As per claims 3 and 4, Rowland js directed to the computer system of claim 1 , 
wherein said kernel module signature information comprises signature length data 
unique to each of said plurality of kernel modules, said signature length or size data 
used by said kernel module signature verification system in uniquely identifying each of 
said plurality of kernel modules (the signature verification process generates the 
signature of data and compares it with the signature. The generated signature and the 
signature must be identical, which means the length and size of the generated signature 
and the signature must also be identical). 

6.4. As per claim 5, Rowland is directed to the computer system of claim 4, wherein 
said kernel module signature verification system comprises a kernel cryptographic 
framework for verifying said kernel module signature information (paragraph 132). 

6.5. As per claim 6, Rowland is directed to the computer system of claim 5, wherein 
said kernel module signature verification system further comprises a kernel 
cryptographic framework daemon for performing verification lookup operations of 
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signature information provided to said kernel cryptographic framework in said kernel 
(paragraph 153 shows use of system daemons to run a software process). 

6.6. As per claim 7, Rowland is directed to the computer system of claim 6, wherein 
said kernel cryptographic framework daemon further performs module verification of 
said plurality of kernel modules (see response to claim 6). 

6.7. As per claim 8, Rowland is directed to the computer system of claim 7, wherein 
said kernel cryptographic framework retrieves pathname information of said signature 
information for each of said plurality of kernel modules when said plurality of kernel 
modules attempt to load up to said kernel to perform cryptographic operations 
(retrieving the pathname information is part of a typical access process in a computer. 
When the signature is fetched from the memory to the cryptographic process, it is 
accessed by its pathname.) 

6.8. As per claim 9, Rowland is directed to the computer system of claim 8, wherein 
said kernel cryptographic framework comprises a cryptographic service provider 
registration unit for registering each of said plurality of kernel modules wishing to 
provide cryptographic services in said kernel (per paragraph 29, all agents and 
processes of Rowland register with a module that oversees their operation). 
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6.9. As per claim 10, Rowland is directed to the computer system of claim 9, wherein 
said kernel cryptographic framework further comprises a intra-kernel communication 
unit for enabling communications between said kernel cryptographic framework and 
said kernel cryptographic framework daemon (paragraph 29 suggests a Master Control 
Process which is a communication unit allowing elements of the system to communicate 
with one another.). 

6.10. As per claim 1 1 , Rowland is directed to the computer system of claim 10, 
wherein said kernel cryptographic framework further comprises a data structure unit for 
storing said kernel module signature information (Rowland agents access to many 
different kinds of data, including signature data. Use of datastructures in computer 
systems to provide data to processes is well-known in the art). 

6.11. Limitations of claims 12, 13, 15-22, 25, 27-32, and 35 are substantially the same 
as claims 1-11 above. 

6.12. As per claim 23, Rowland is directed to the computer operating system of claim 
22, wherein said kernel cryptographic framework and said kernel cryptographic 
framework daemon communicate via a plurality of input/output control commands 
(paragraphs 29-31 describes how handlers communicate with one another to exchange 
messages. The messages contain commands to initiate the functionality of each 
handler). 
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6.1 3. As per claim 24, Rowland is directed to the computer operating system of claim 
23, wherein said input/output control commands comprise a door create command for 
creating a plurality of cryptographic doors for enabling communication between said 
kernel cryptographic framework and said kernel cryptographic framework daemon 
(paragraph 87 discloses use of secured messaging between different elements of the 
system). 

6.14. As per claim 34, Rowland is directed to the method of claim 33, wherein said 
kernel cryptographic framework daemon verifies signature data contained in each of 
said plurality of kernel cryptographic modules after said requesting kernel module has 
registered with said kernel cryptographic framework (Rowland verifies validity of files, 
messages and other data using the signature handler (paragraph 124-127). The 
signature handler verifies signatures used by the Loadable Kernel Module Agent 1306, 
or Known Intrusion Agent 1305 to detect unauthorized Kernel modules). 

6.15. Claims 14, 26, 33 and 36 were cancelled by the applicant. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
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272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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